About 80,000 Patients Affected by Fertility Centers of Illinois Cyberattack

Fertility Centers of Illinois (FCI) has just informed 79,943 existing and former patients regarding unauthorized individuals that may have viewed or obtained some of their protected health information (PHI).

FCI discovered suspicious network activity on February 1, 2021, and took immediate action to protect its systems. Independent forensic investigators were then called in to know the nature and magnitude of the security breach.

FCI had carried out security measures to keep patient data safe, and those steps made certain its electronic medical record system could not be accessed; nevertheless, the attackers were confirmed to have viewed administrative records and folders. An analysis of those files showed on August 27, 2021, that they included a selection of patient data such as names along with one or more of the following types of information:

Passport numbers, Social Security numbers, financial account data, payment card details, diagnoses, treatment details, medical record numbers, billing/claims data, prescription data, Medicaid/Medicare ID details, health insurance subscriber numbers, medical insurance group numbers, referring doctors, patient account numbers, encounter numbers, usernames and passwords along with PINs or account login data.

Employee details were likewise possibly compromised including names, employer-issued identification numbers, ill-health/retirement data, occupational health-related details, medical benefits and entitlements data, sickness certificates, and patkeys/reason for absence.

FCI stated it had stringent security procedures set up to avoid unauthorized data access, however, the attackers were able to circumvent those controls. Since then, steps were taken to further safeguard its systems, information, and equipment, such as employing enterprise-class identity verification software and providing extra training to the employees on security procedures.

All affected persons were advised via mail and were offered 12-months credit monitoring and identity theft protection services at no cost through Equifax.